tags:

views:

3436

answers:

2
+1  Q: 

Java Active Directory Integrated Windows Authentication

You can see in the following posts

http://forums.sun.com/thread.jspa?threadID=603815

http://forums.devshed.com/ldap-programming-76/active-directory-services-using-java-api-89586.html an example of accessing LDAP using the InitialLdapContext class in Java. This requires a login and a password to be passed in. (Even though the service account or user running the java process has already logged in to be able to run.)

As the user or service account is already logged in - they can already run active directory commands like the following without a user name or password:

dsquery user -samid "login" |dsget user -samid -email -display

So why does Java need the login and a password - if this query is already available to windows? Kosuke hints that it is not required in this blog post under conclusion:

http://weblogs.java.net/blog/kohsuke/archive/2008/06/more_active_dir.html

My question is - how can we call active directory in java without:

  • using a login or password (running under an account that is already logged in)?
  • executing a command on the command line?
+2  A: 

This probably occurs because

  • You are using LDAP libraries/contexts to communicate with Active Directory, and these libraries need to support other types of LDAP (does AD even count as LDAP?)
  • The providers of these implementations are the ones requiring it. LDAP communication is done through providers that supply the implementation, it's not done by the actual Java runtime.
  • The current user's password is not (I hope) actually provided by Windows to Java.

When Windows authenticates you against AD as you run applications that require it, it presents some other set of credentials besides your actual password. These credentials are not available in Java, or at least none of the providers of LDAP communicators have provided a way to retrieve it.

In his other blog post on the subject Kohsuke expands a bit more on why things are the way they are in Java-land when it comes to Active Directory.

matt b  2009-06-18 02:43:23
A: 

Also you can look into the below link to find detailed instruction to make Windows Integrated Authentication working in Java Platform.

http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/

Venkat  2009-09-09 04:25:15
Will this work in a non-web environment - say for a a command line application?
hawkeye  2010-07-06 02:55:56
No. This example is only for web with Internet Explorer.
Venkat  2010-07-06 03:06:58

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java